Understanding Office 365 Logon Events to Catch Intrusion Attempts

Let’s say you are being targeted. Because of your good security, the attacker has failed in his phishing attempts to gain access to any internal end points. But he knows you use Office 365 and he realizes that important information is always to be found in email. After all we work on what’s important and send and receive a lot of email about whatever we are working on.

So the attacker searches LinkedIn, Data.com and other sites to identify the people at your organization likely to have access to the information he needs. With that information, he begins attacking those accounts directly on Office 365.

Questions:
- Would you even know the attack was taking place?
- What could you do about it?
- Would you have any idea if it were successful?
- Could you correlate this activity from other activity affecting the same person but on different clouds or originating from the same attacker?

In this webinar, Randy Smith of Ultimate Windows Security will do a deep-dive specifically on logon/logoff events from the Office 365 / Azure AD audit logs.

You'll learn:
- How to get these events
- Which events are logged
- What data is provided
- How events look different depending on whether you use federation (e.g. ADFS) or not

We'll then discuss how to analyze these data to detect risks and correlate with other threats, and Sacha Dawes of AlienVault will show how AlienVault USM Anywhere combines Office 365/Azure AD audit data with the rest of your security activity to alert you to threats.

Watch It Now!

Please consent to processing of your data in order to access the requested resource.

I would like to receive communications from AlienVault and consent to the processing of the personal data provided above in accordance with and as described in the Privacy Policy.I consent to the processing of the personal data provided above in accordance with and as described in the Privacy Policy.